- Functional Test
- Critical
- Moodle 4.4
The goal of this test is to verify that an admin can add reCAPTCHA to the site login page as an extra layer of protection against brute-force attacks on user accounts and bot logins.
Requirements
- A reCAPTCHA site key and a reCAPTCHA secret key. Follow https://www.google.com/recaptcha/about/ to get yours.
- Note that Moodle only supports reCAPTCHA v2, so you will need to choose v2 instead of v3.
- You'll need admin access and another user (new or existing).
Setup, settings and basic testing
- As admin, navigate to Home and turn editing mode on.
- Add the "Login" block to the side region.
- Navigate to Site Administration > Plugins > Authentication > Manage authentication.
- Verify that there's a setting called "Enable reCAPTCHA for login" (enableloginrecaptcha) in the Common settings section.
- Verify that the default value is No.
- Now set the "Enable reCAPTCHA for login" to Yes.
- Make sure that the ReCAPTCHA site key and ReCAPTCHA secret key are blank.
- Save changes and log out.
- Navigate to the home page and click the Log in link.
- Verify that you will not see the reCaptcha element.
- Verify that you can log in successfully.
Using ReCAPTCHA credentials to display the validation element
- Log in as admin and go to the "Manage authentication" page again.
- Fill in the ReCAPTCHA site key and ReCAPTCHA secret key.
- Save changes and log out.
- Navigate to the home page and click the Log in link.
- Verify that you will see the reCaptcha element.
- Fill in the username and password and leave the reCaptcha as is.
- Click the Login button.
- Verify that you cannot log in.
- Verify that you will see a message: Failed reCAPTCHA challenge, try again.
- Fill in the username and password again.
- Click on the reCaptcha and try to solve it (until you get the green tick).
- Click the Login button and verify that you can log in successfully.
Password change should not display captcha element
- Log in as admin and navigate to Site Administration > Users > Browse list of users.
- Click on the "Edit" icon for a user and check the "Force password change" checkbox.
- Click the Update profile button.
- Log out and log in as the user.
- Verify that you will see the Password change page.
- Verify that you can change the password normally.
- Log out.
Captcha element can be used in the "Login" block
- Navigate to the home page and expand the block drawer.
- Verify that you will see the Login block.
- Verify that you will see the reCaptcha element in compact mode (smaller than normal).
- Fill in the username and password and leave the reCaptcha as is.
- Click the Login button.
- Verify that you cannot log in.
- Verify that you will see a message: Failed reCAPTCHA challenge, try again.
- Fill in the username and password again.
- Click on the reCaptcha and try to solve it (until you get the green tick).
- Click the Login button.
- Verify that you can log in successfully.
Disabling reCAPTCHA
- As admin, navigate to Site Administration > Plugins > Authentication > Manage authentication.
- Set the "Enable reCAPTCHA for login" to No.
- Save changes and log out.
- Navigate to the home page and click the Log in link.
- Verify that you will not see the reCaptcha element.
- Verify that you can log in successfully.